使用SpringBoot,我已经激活了SpringSecurity,最初我创建了一个自定义WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${myapp.security.path.secured}")
private String[] arraySecuredPaths;
@Value("${api.root.path}")
private String basePath;
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Autowired
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.customAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
String[] fullSecuredPaths = Arrays.stream(arraySecuredPaths).map(path -> basePath + path).toArray(String[]::new);
http.authorizeRequests().antMatchers(fullSecuredPaths).authenticated().and().httpBasic().and().csrf().disable();
}
}
然后在我的application.properties
中api.root.path=/v1/myapi-name
myapp.security.path.secured=/mypath/pathsecured1,/mypath2,/mypath2/**
工作正常,很酷。
我的问题是,我认为通过使用SpringBoot默认属性
security.basic.path=/v1/myapi-name/mypath/pathsecured1,/v1/myapi-name/mypath2,/v1/myapi-name/mypath2/**
我可以删除SecurityConfiguration中的所有代码及其继承:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration {}
但是,如果我这样做,所有路径都不会得到保护,而不仅仅是定义的路径。
我失踪了什么?